- Security:
gem uninstall -aIx brakeman; script/brakeman
Last active
July 12, 2016 13:38
-
-
Save bf4/2aec0697234627bb82d0 to your computer and use it in GitHub Desktop.
Brakeman CI config per discussion in https://github.com/presidentbeef/brakeman/issues/697
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cache: | |
| bundler: true | |
| directories: | |
| - reports | |
| before_script: | |
| - bundle clean --force # remove any cached brakeman from when it was in the Gemfile | |
| script: | |
| - script/brakeman |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "ignored_warnings":[ | |
| ], | |
| "updated":"2015-08-11 09:32:55 -0500", | |
| "brakeman_version":"3.0.5" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| :exit_on_warn: false # Change to true once we fix our security issues | |
| :min_confidence: 1 | |
| :quiet: true | |
| :run_all_checks: true | |
| :report_routes: true | |
| :message_limit: 200 | |
| :table_width: 200 | |
| :github_repo: org_name/repo_name | |
| :rails3: true | |
| :rails4: true | |
| :ignore_file: config/brakeman.ignore | |
| # :debug: true | |
| # :summary_only: true | |
| # :app_path: "." | |
| # :skip_files: | |
| # - config/database.yml | |
| # :safe_methods: | |
| # - :banana | |
| # :url_safe_methods: | |
| # - :banana_url | |
| # :previous_results_json: "$HOME/projects/repo_name/reports/brakeman.json" | |
| # :output_files: | |
| # - reports/brakeman.json | |
| # - reports/brakeman.html | |
| # :comparison_output_file: "/dev/stdout" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Does not install the latest brakeman if already installed | |
| gem install brakeman --conservative | |
| # Only the output configurations are specified below. The remaining configuration | |
| # is in config/brakeman.yml and any ignored warnings in config/brakeman.ignore | |
| # see https://github.com/presidentbeef/brakeman/blob/master/OPTIONS.md | |
| # config template generated by running: | |
| # brakeman -z -w2 -q -A --routes --message-limit 200 --table-width 200 --github-repo org_name/repo_name -4 -i config/brakeman.ignore -d -p . --summary --skip-files config/database.yml --safe-methods banana --url-safe-methods banana_url --compare reports/brakeman.json -o /dev/stdout -o reports/brakeman.json -o reports/brakeman.html -o /dev/stdout -C > config/brakeman.yml | |
| # https://github.com/presidentbeef/brakeman/issues/697#issuecomment-129612973 | |
| # The input and output files for JSON comparison can be the same. | |
| # The diff is always sent to the first -o option, so in this case printed to the console. | |
| # What this is missing is printing out just the summary. | |
| # It's not currently possible to both summarize and generate full reports. | |
| if [ -e "reports/brakeman.json" ] | |
| then | |
| brakeman -c config/brakeman.yml --compare reports/brakeman.json -o /dev/stdout -o reports/brakeman.json -o reports/brakeman.html -o /dev/stdout | |
| else | |
| brakeman -c config/brakeman.yml -o reports/brakeman.json -o reports/brakeman.html -o /dev/stdout | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment